12/28/06 12:09 MH IP LAW » USPTO NO. 005

Serial No. 09/578,633
REMARKS

Claims 1, 10, 16, 21 and 24 are proposed for amendment herein. Claims 1-3, 6-12,
14-24 and 26-27 are presently pending in the above-identified application.

Applicants wish to thank the Examiner for carefully considering Applicants' prior
request for reconsideration and withdrawing the finality of the rejection set forth in the
prior Office Action.

With respect to the current Office Action and new grounds of rejection,
Applicants present this Amendment that contains a response to the outstanding rejections
and amends the independent claims to more particularly claim the invention.

Applicants respectfully submit, in view of this Amendment, that each of the
currently pending claims, as amended, is patentably distinct from the cited prior art and in
condition of allowance.

Rejection of Claims under 35 USC § 102(e)

The Office Action rejected claims 1-3, 6-12, 14-24 and 26-27 under 35 USC §
102(e) as being anticipated by U.S. Patent No. 6,725,378 issued to C. Schuba et al.
(hereinafter "Schuba"). Applicants have amended the independent claims herein to more
particularly claim the various aspects of the invention, and respectfully submit that each
of the currently pending claims is patentably distinct from Schuba.

As discussed in prior Amendments (and the Appeal Brief) in the present
application, Applicants' claimed invention is directed at ascertaining the integrity of a
communications network and thereby identifying potential security risks across the
perimeter of such network. Thus, an aspect of the invention is directed to the
determination of a security characteristic of a host (or hosts) associated with a first
communications network wherein the security characteristic is a measure of connectivity
between the first communications network and a second communications network. That
is, the host (associated with a first network) is probed with a particular packet, where the
packet is intentionally configured with a source address which is associated with the
second communications network, and the connectivity measure is determined as function
of a response from the probed host (see, e.g., Applicants' Specification, page 4, line 27 -
page 5, line 6; and page 8, lines 20-22) to the packet.

Importantly, the probe packet used in the present invention is generated and
transmitted in particular fashion to take advantage of the principles of the invention. In
particular, the source address is selected such that the IP address is external to the probed
host's network, that is, the originator address is "false or derived" in that it does not
originate from an actual host request (see, e.g., Applicants' Specification, page 9, lines
25-29). Thus, in accordance with claimed invention, as more particularly set forth in the
amended independent claims herein, the generation of the probe packet is instrumental in
that the source address is selected independent of any request from the second host to the
first host. Thus, by generating the particular packet and probing the connectivity of the
particular host(s) within a network using such generated packets, in accordance with the
claimed invention, an analysis of the network can be made to identify potential security
risks across the perimeter of the particular network.

Said another way, Applicants' claimed invention is directed at discovering
connectivity of, or between, a host machine (or host machines) as a function of a
response (or absence thereof) to a specifically generated, configured and transmitted
probe packet. This is in contrast to known so-called "self-defending networks" which
may employ filtering techniques within a network to limit the amount and type of Internet
protocol messages allowed to be exchanged through a network at any one time (see,
Applicants' Specification page 3, line 24 through page 4, line 2). Indeed, Applicants
submit that Schuba is one example of such known techniques, as detailed hereinbelow.

In brief, it is the determination of such connectivity measure, using the probe
packet--generated and configured in accordance with the invention--that is the
contribution advanced by the Applicants over the cited prior art. Applicants have
realized that spoofed packets can serve different purposes (and non-malicious) by
providing an enhanced security tool for discovering the connectivity between networks.
This connectivity measure, in turn, can be used by system administrators to identify
potential security risks across a network's perimeter and prevent malicious attacks
(including but not limited to malicious spoofing).
Applicants have amended the pending independent claims to more particularly
claim the above-described aspects of the invention. For example, amended independent
claim 1 recites:

"A communications network security method for ascertaining the
integrity of a first communications network and identifying potential security
risks across a perimeter of the first communications network, the method
comprising:

identifying a plurality of routes that define the first
network;

identifying a plurality of hosts associated with the first
network as a function of the plurality of routes;

receiving a census of the first communications network
the plurality of hosts to determine a topology of the first
network;

probing at least one first host of the plurality
communications network by generating and transmitting a
host, the first host being selected from the census results and
at least a source address of a second host which is associated
communications network, wherein the source address is
any request from the second host to the first host; and

determining a security characteristic of the probed
of a response by the probed first host in receiving the
characteristic being a measure of connectivity between the first
network and the second communications network, the
being an indication of connectivity between the first
and the second communications network." (emphasis added by

Each of the currently pending independent claims has been
fashion as the above-referenced amended independent claim
limitations directed to the above-described features of the invention
It is at least the above-described aspects of Applicants' invention that stand in
contrast to Schuba. Applicants appreciate how the Examiner may have found certain
similarities between Schuba and Applicants' disclosed invention in that the two are
directed at network security. However, Schuba does not anticipate, teach or suggest the
aspects of Applicants' invention as set forth above. As cited and referenced in the Office
Action, Schuba's technique incorporates a so-called "monitor" that is arranged to capture
IP/TCP datagrams passing along a network (see, e.g., Schuba, column 7, lines 38-41).
However, Schuba's monitor does not generate probe packets as required by Applicants'
claimed invention. Rather, the monitor utilizes a database (see, e.g., Schuba, column 8,
lines 5-10; and FIG. 3 element 57 - "database") containing three categories of addresses:
"acceptable", "unacceptable", and "suspect" (see, e.g., Schuba, column 8, lines 18-47;
column 3, lines 8-10; and column 11, lines 9-15) to analyze already transmitted packets
and classify such packets/messages in accordance with the database content.

Schuba's technique requires classification of TCP packets into one of the
aforementioned categories in order to implement the filtering technique and security
measure taught by Schuba. This is in contrast to Applicants' claimed invention which
generates a particular packet, configured in a specific fashion, to identify potential
security risks across the perimeter of such network. Therefore, Applicants' claimed
invention as set forth in the amended claims herein is patentably distinct from and over
Schuba and Applicants respectfully request that any such rejection be withdrawn.

Regarding the rejection of each of the presently pending dependent claims, these
claims depend ultimately from one of the pending amended independent claims 1, 10, 16,
21 and 24 herein which Applicants submit are patentably distinct over Schuba for the
aforesaid reasons. Thus, these dependent claims contain all the limitations of the pending
amended independent claims from which they depend, and Applicants respectfully
submit that these dependent claims are also patentably distinct over Schuba for the
aforesaid reasons, as well as other elements these claims add in combination to their base
claim.
Rejection of Claims under 35 USC § 112

As mentioned above, Applicants acknowledge the withdrawing of the finality of
the rejection set forth in the prior Office Action. As such, Applicants are somewhat
confused by the continued rejection of claims 1, 7, 10, 16, 20, 21, 23 and 24 under
35 USC § 112, first paragraph. Perhaps this was merely an
Examiner. However, if not, Applicants again traverse the rejection as follows:

Claims 1, 10, 16, 21 and 24

The Office Action rejected claims 1, 10, 16, 21 and 24
paragraph, as failing to comply with the enablement requirement
respect to the claimed "security characteristic" and "an indication of connectivity"
subject matter. In so rejecting such claims, the Examiner asserts (see, Office Action,
page 6) that "the claims contain subject matter which was not described in the
specification in such a way as to enable one skilled in the art to
which it is most nearly connected, to make and/or use the invention.

With respect to the claimed "security characteristic" subject matter, such subject
matter is supported and described in at least the following
Specification: (i) page 4, lines 22-30; (ii) page 8, lines Ml; (iii) page 10, line 5-28; (iv)
page 6, lines 10-26; and (v) page 5, lines 1-6. At a minimum, such passages from
Applicants' Specification enable one skilled in the art to recognize that the claimed
"security characteristic" of Applicants' invention is directed to identifying potential
security risks across the perimeter of a network (see, e.g., Applicants' Specification, page
4, lines 27-30; and page 8, lines 17-22) which, in turn, is the "determining a security
characteristic of the probed host" as claimed by Applicants, of such security
risks will be appreciated by those skilled in the art, and Applicants set forth a number of
such exemplary security risks in their Specification at page 2, line 8 through page 3, line
10; and page 1, line 28 through page 2, line 10. That is, the security characteristic of the
probed host, in accordance with the invention, is whether such probed host poses a
security risk across the perimeter of the associated network. This feature of the invention
is supported by the above-referenced passages of Applicants' Specification in enabling
one skilled in the art to make and/or use the claimed security aspects of Applicants'
claimed invention.

With respect to the claimed "an indication of connectivity", such subject matter is
supported and described in at least the following passages of Applicants' Specification:
(i) page 5, lines 1-6; (ii) page 5, lines 26-29; (iii) page 8, lines 1-22; (iv) page 9, line 15
through page 11, line 14; and (v) FIG. 2. At a minimum, such passages from Applicants'
Specification enable one skilled in the art to recognize that the claimed "indication of
connectivity" of Applicants' invention is directed at discovering connectivity of, or
between, a host machine (or host machines) as a function of a response (or absence
thereof) to the specifically configured probe packet. As will be recognized by one skilled
in the art, the "connectivity" aspect of the claimed invention is the existence of, or
absence of, a connection. This feature of the invention is supported by the above-
referenced passages of Applicants' Specification in enabling one skilled in the art to
make and/or use the security aspects of Applicants' claimed invention.

Regarding the Examiner's questions on page 6 of the Office Action: (i) "...it is
not clear what is being measured regarding the security characteristic..."; and (ii) "Is the
measure of indication of connectivity pertains to available bandwidth, traffic load, or the
integrity of the network?" It will be appreciated from Applicants' Specification, as
detailed above, that the claimed "indication of connectivity" is directed to the existence
of, or absence of, a connection. Thus, in accordance with the claimed invention, the
"measure" is the existence (or absence of) the connection itself. The particular attributes
of such connection (e.g., bandwidth or traffic load) as raised by the Examiner are
irrelevant in terms of the claimed invention and do not serve as proper grounds for
rejecting Applicants' claims under §112, first paragraph. The relevant aspect with regard
to the claimed invention is the existence of, or absence of, a connection as clearly
indicated by the pending claims and supported by Applicants' Specification.

For the reasons discussed above, the terms "security characteristic" and "an
indication of connectivity" comply with the requirements of §112, first paragraph and
Applicants respectfully request reversal of the §112, first paragraph rejections thereof.
Claims 7, 20 and 23

The Office Action separately rejected claims 7, 20 and 23 under 35 USC § 112,
first paragraph, as failing to comply with the enablement requirement, in particular, with
respect to the claimed "different security levels". In so rejecting such claims, the
Examiner asserts (see, Office Action, page 6) that "the claims contain subject matter
which was not described in the specification in such a way as to enable one skilled in the
art to which it pertains, or with which it is most nearly connected or with which it is most
nearly connected, to make and/or use the invention".

With respect to the claimed "different security levels" such
supported in at least the following passages of Applicants'
5-11; (ii) page 10, lines 5-20; (iii) page 6, lines 1-9; and (iv) page
minimum, such passages from Applicants' Specification enable one skilled in the art to
recognize that the claimed "different security levels" aspect of Applicants' invention is
directed to ascertaining the security of different types of networks,
Internet, or a corporate backbone vs. an external network. One
clearly recognize that such disparate networks may have different security
characteristics" which are well-known and typically specified by
administrators. For example, the computer network security characteristics
addressed by such network administrators include the examples of the types of security
threats detailed in Applicants' Specification beginning on page 1, line
at least through page 4, line 16. Such varying security characteristics
known network types (e.g., intranets, Internet, private networks,
will be readily apparent to those skilled in the art, and in addition
such aspects of the claimed invention in Applicants' Specification,
in the art to make and/or use such claimed invention.

Regarding the Examiner's question on page 3 of the instant
different security levels means access authentication for users
implemented on the network in general and on firewall in particular
appreciated from Applicants' Specification, as detailed above, that
security levels" between the first and second networks is directed to the most basic of
principles, that is, that the first and second networks have different (i.e., not the same;
dissimilar; distinct; or separate) security levels. For example, as will be readily
appreciated by those skilled in the art, a private network and public network will have
differing needs with respect to security levels. That is, the degree of the differing
security levels (or the specific implementation or delivery thereof) is not the focus of
the claimed invention. Rather, the relevant aspect with regard to the claimed invention,
as recited in claims 7, 20, and 23, is that the first and second communications networks
have different security levels.

For the reasons discussed above, the "different security levels" as claimed by
Applicants complies with the requirements of §112, first paragraph and Applicants
respectfully request reversal of the §112, first paragraph rejections.

Therefore, in view of the foregoing, Applicants respectfully submit that each of
the currently pending claims, as amended, is patentably distinct from Schuba. As such, it
is respectfully submitted that each of the currently pending claims in the application is in
condition for allowance and reconsideration is requested. Favorable action is respectfully
requested.
Should the Examiner believe anything further is desirable in order to place the
application in even better condition for allowance, the Examiner is invited to contact the
undersigned at the telephone number listed below.

Respectfully submitted,

Donald P. Dinella
Attorney for Applicant(s)
Reg. No. 39,961
(908) 582-8582

Date: December 28, 2006

Docket Administrator (Room 3J-219)
Lucent Technologies Inc.
101 Crawfords Corner Road
Holmdel, NJ 07733-3030